Alleged upskirter ordered to hand over iPhone passcode by court

A Florida man suspected of upskirting – crouching on a store’s floor to snap photos under a woman’s skirt – can be compelled to hand over his four-digit iPhone passcode so investigators can check his photos, a court of appeals ruled (PDF) last week.

According to court records, the woman was shopping when she saw what she says looked like a cellphone, illuminated and pointing up under her skirt, held out and up by a man crouching on the floor and extending his arm.

She confronted him, and the man told her that he’d just dropped his phone. She yelled for help and tried to detain the man, but he took off.

Surveillance video showed him getting into a car in the parking lot, as well as the car’s license plate number.

Police tracked Aaron Stahl to his home, where they arrested him for the third-degree felony of voyeurism. During an interview with police, he gave verbal consent for them to search his phone.

So police got a warrant for the phone, but they weren’t able to access the photos it held.

In recent years, there have been many court cases involving the government trying to force Apple to break its own encryption, craft a back door and let investigators get at phone contents.

One of the more torturous court battles was the case of the FBI trying to force Apple to create a backdoor to get past its own encryption so the bureau could access messages involved in the San Bernardino shootings.

The FBI backed off, dropping the case against Apple after the bureau managed to get past iOS encryption on terrorist Syed Farook’s phone, with the help of a mysterious third party …which led to Apple saying, basically, that it sure didn’t look like the Feds needed any help to get into the locked iPhone belonging to an alleged methamphetamine dealer in New York.

In any of these or other cases, the police are at the mercy of Apple’s having tied the encryption key to the passcode: a security feature that wipes a device after 10 failed password attempts.

In a previous court decision, a judge had said that Stahl couldn’t be made to reveal his iPhone passcode, citing Fifth Amendment protection against self-incrimination.

The thinking: ever since Apple introduced Touch ID, many privacy and legal experts have been saying that biometric information such as fingerprints are like our DNA samples or our voice imprints: they’re simply a part of us. They don’t reveal anything that we know, meaning that they don’t count as testimony against ourselves.

Therefore, the prevailing thinking has gone, forcing suspects to press their fingers to get into a phone doesn’t breach their Fifth Amendment rights against forced self-incrimination.

Hence, we’ve seen multiple cases of compelled finger-presses to unlock phones. One such involved a Los Angeles woman forced to unlock her alleged gangster boyfriend’s iPhone by fingerprint.

In contrast, passcodes have been viewed as “something we know”. As such, forcing people to hand over passwords would constitute forced, unconstitutional self-incrimination.

In September 2015, a federal district court in Eastern Pennsylvania confirmed this Fifth Amendment protection for passcodes in an insider trading case between the Securities and Exchange Commission and two ex-employees of credit card company Capital One.

Still, Fifth Amendment protection hasn’t been a foolproof shelter for those who refuse to hand over passcodes.

In April, a 17-year veteran and former sergeant of the Philadelphia Police Department suspected of – but not formally charged with – possession of child abuse images was found in contempt of an order to decrypt two hard drives.

The “John Doe” had already been imprisoned for seven months in Philadelphia’s Federal Detention Center on charges of contempt.

At the time, the court ordered that he be locked up indefinitely until he was able to decrypt the drives, saying that he “[carries] the keys to his prison in his own pocket”.

In the case of the alleged Florida upskirter, Stahl, a judge had previously said that he couldn’t be compelled to reveal the code because of the Fifth Amendment.

Last week, Judge Anthony Black quashed that decision. He referred to a famous Supreme Court case, Doe v US 1988, in which Justice John Paul Stevens wrote that a defendant could be made to surrender a key to a strongbox containing incriminating documents but they could not “be compelled to reveal the combination to his wall safe”.

From his decision:

We question whether identifying the key which will open the strongbox – such that the key is surrendered – is, in fact, distinct from telling an officer the combination.

More importantly, we question the continuing viability of any distinction as technology advances.

Digital rights groups beg to differ: Electronic Frontier Foundation senior staff attorney Mark Rumold told the BBC that the court “got it wrong”.

This is not the first time this issue has come up in the courts and I think other courts have done a better job of evaluating the Fifth Amendment and the constitutional rights that are at stake.

There are multiple cases across the US as courts grapple with the issues around unlocking phones, with rights groups such as the EFF arguing that there are “sound constitutional reasons” to prevent the state compelling information from a defendant’s mind.

It’s something the Supreme Court will need to weigh in on eventually.

In the meantime, how, exactly, do you get somebody to tell you something they don’t want to tell you? Lock him up indefinitely? …in spite of the fact that suspects in the US are presumed innocent until proved guilty?

We’ll let you know how it plays out, either in Florida or Philadelphia.